summaryrefslogtreecommitdiff
path: root/indoteknik_api/controllers/api_v1
diff options
context:
space:
mode:
Diffstat (limited to 'indoteknik_api/controllers/api_v1')
-rw-r--r--indoteknik_api/controllers/api_v1/download.py46
-rw-r--r--indoteknik_api/controllers/api_v1/sale_order.py98
2 files changed, 129 insertions, 15 deletions
diff --git a/indoteknik_api/controllers/api_v1/download.py b/indoteknik_api/controllers/api_v1/download.py
index 36f775b5..d9353896 100644
--- a/indoteknik_api/controllers/api_v1/download.py
+++ b/indoteknik_api/controllers/api_v1/download.py
@@ -1,7 +1,6 @@
from .. import controller
from odoo import http
from odoo.http import request
-import base64
class Download(controller.Controller):
@@ -13,22 +12,41 @@ class Download(controller.Controller):
('res_field', '=', field),
('res_id', '=', id),
], ['datas', 'mimetype'])
- return result if len(result) > 0 else None
+ return result[0] if len(result) > 0 else None
- @http.route(PREFIX + 'download/invoice/<id>', auth='none', method=['GET'])
- def download_invoice(self, **kw):
- id = int(kw.get('id', 0))
- return request.render('account.report_invoice', {'id': id})
+ @http.route(PREFIX + 'download/invoice/<id>/<token>', auth='none', method=['GET'])
+ def download_invoice(self, id, token):
+ id = int(id)
+
+ rest_api = request.env['rest.api']
+ md5_valid = rest_api.md5_salt_valid(id, 'account.move', token)
+ if not md5_valid:
+ return self.response('Unauthorized')
+
+ account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name'])
+ pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'account.report_invoice')])._render_qweb_pdf([id])
+ return rest_api.response_attachment({
+ 'content': pdf,
+ 'mimetype': 'application/pdf',
+ 'filename': account_move[0]['name']
+ })
@http.route(PREFIX + 'download/tax-invoice/<id>/<token>', auth='none', method=['GET'])
def download_tax_invoice(self, id, token):
id = int(id)
- md5_by_id = request.env['rest.api'].md5_salt(id, 'account.move')
- if md5_by_id == token:
- attachment = self._get_attachment('account.move', 'efaktur_document', id)
- if attachment:
- return request.make_response(base64.b64decode(attachment['datas']), [('Content-Type', attachment['mimetype'])])
- return self.response('Dokumen tidak ditemukan', code=404)
-
- return self.response('Tidak diizinkan')
+ rest_api = request.env['rest.api']
+ md5_valid = rest_api.md5_salt_valid(id, 'account.move', token)
+ if not md5_valid:
+ return self.response('Unauthorized')
+
+ account_move = request.env['account.move'].sudo().search_read([('id', '=', id)], ['name'])
+ attachment = self._get_attachment('account.move', 'efaktur_document', id)
+ if attachment and len(account_move) > 0:
+ return rest_api.response_attachment({
+ 'content': attachment['datas'],
+ 'decode_content': True,
+ 'mimetype': attachment['mimetype'],
+ 'filename': account_move[0]['name'],
+ })
+ return self.response('Dokumen tidak ditemukan', code=404)
diff --git a/indoteknik_api/controllers/api_v1/sale_order.py b/indoteknik_api/controllers/api_v1/sale_order.py
index 57a933f9..5f888e6c 100644
--- a/indoteknik_api/controllers/api_v1/sale_order.py
+++ b/indoteknik_api/controllers/api_v1/sale_order.py
@@ -3,6 +3,7 @@ from odoo import http
from odoo.http import request
import json
+
class SaleOrder(controller.Controller):
prefix = '/api/v1/'
PREFIX_PARTNER = prefix + 'partner/<partner_id>/'
@@ -119,7 +120,7 @@ class SaleOrder(controller.Controller):
return self.unauthorized_response()
if not params['valid']:
return self.response(code=400, description=params)
-
+
partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
domain = [
('id', '=', params['value']['id']),
@@ -133,6 +134,101 @@ class SaleOrder(controller.Controller):
return self.response(data)
+ @http.route(PREFIX_PARTNER + 'sale_order/<id>/upload_po', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+ def partner_upload_po_sale_order(self, **kw):
+ user_token = self.authenticate()
+ if not user_token:
+ return self.unauthorized_response()
+
+ params = self.get_request_params(kw, {
+ 'partner_id': ['number'],
+ 'id': ['number'],
+ 'name': [],
+ 'file': []
+ })
+ if not user_token['partner_id'] == params['value']['partner_id']:
+ return self.unauthorized_response()
+ if not params['valid']:
+ return self.response(code=400, description=params)
+ partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+ domain = [
+ ('id', '=', params['value']['id']),
+ ('partner_id', 'in', partner_child_ids)
+ ]
+ data = False
+ sale_order = request.env['sale.order'].search(domain)
+ if sale_order:
+ sale_order.partner_purchase_order_name = params['value']['name']
+ sale_order.partner_purchase_order_file = params['value']['file']
+ data = sale_order.id
+ return self.response(data)
+
+ @http.route(PREFIX_PARTNER + 'sale_order/<id>/download_po/<token>', auth='none', method=['GET'])
+ def partner_download_po_sale_order(self, id, token):
+ id = int(id)
+
+ rest_api = request.env['rest.api']
+ md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+ if not md5_valid:
+ return self.response('Unauthorized')
+
+ sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['partner_purchase_order_name'])
+ attachment = rest_api.get_single_attachment('sale.order', 'partner_purchase_order_file', id)
+ if attachment and len(sale_order) > 0:
+ return rest_api.response_attachment({
+ 'content': attachment['datas'],
+ 'decode_content': True,
+ 'mimetype': attachment['mimetype'],
+ 'filename': sale_order[0]['partner_purchase_order_name']
+ })
+ return self.response('Dokumen tidak ditemukan', code=404)
+
+ @http.route(PREFIX_PARTNER + 'sale_order/<id>/download/<token>', auth='none', method=['GET'])
+ def partner_download_sale_order(self, id, token):
+ id = int(id)
+
+ rest_api = request.env['rest.api']
+ md5_valid = rest_api.md5_salt_valid(id, 'sale.order', token)
+ if not md5_valid:
+ return self.response('Unauthorized')
+
+ sale_order = request.env['sale.order'].sudo().search_read([('id', '=', id)], ['name'])
+ pdf, type = request.env['ir.actions.report'].sudo().search([('report_name', '=', 'sale.report_saleorder')])._render_qweb_pdf([id])
+ if pdf and len(sale_order) > 0:
+ return rest_api.response_attachment({
+ 'content': pdf,
+ 'mimetype': 'application/pdf',
+ 'filename': sale_order[0]['name']
+ })
+ return self.response('Dokumen tidak ditemukan', code=404)
+
+ @http.route(PREFIX_PARTNER + 'sale_order/<id>/cancel', auth='public', method=['POST', 'OPTIONS'], csrf=False)
+ def partner_cancel_sale_order(self, **kw):
+ user_token = self.authenticate()
+ if not user_token:
+ return self.unauthorized_response()
+
+ params = self.get_request_params(kw, {
+ 'partner_id': ['number'],
+ 'id': ['number']
+ })
+ if not user_token['partner_id'] == params['value']['partner_id']:
+ return self.unauthorized_response()
+ if not params['valid']:
+ return self.response(code=400, description=params)
+
+ partner_child_ids = self.get_partner_child_ids(params['value']['partner_id'])
+ domain = [
+ ('id', '=', params['value']['id']),
+ ('partner_id', 'in', partner_child_ids)
+ ]
+ data = False
+ sale_order = request.env['sale.order'].search(domain)
+ if sale_order:
+ sale_order.state = 'cancel'
+ data = sale_order.id
+ return self.response(data)
+
@http.route(PREFIX_PARTNER + 'sale_order/checkout', auth='public', method=['POST', 'OPTIONS'], csrf=False)
def create_partner_sale_order(self, **kw):
user_token = self.authenticate()
generated by cgit v1.2.3 (git 2.25.1) at 2026-04-19 05:41:30 +0000